• Resolved mywebmaestro

    (@mywebmaestro)


    This morning I had several clients report they’ve been seeing “failed orders” in their stores, where the payment failed and the info was obviously fake. (See below.) I haven’t found any reference to this online yet, but wanted to know if there’s a way to determine if this is a general software spam attack against woocommerce stores overall, or something specific to sites on my server. Has anyone else here seen this? Or is there some way I can determine more information and/or protect against it?

    Order info:
    bbbbb bbbbb
    bbbbb
    74 xxxxxxx Rd
    xxxxxxx
    EX14 5HN
    United Kingdom (UK)
    xxx xxxx xxxx
    [email protected] (another one used [email protected])

Viewing 15 replies - 31 through 45 (of 159 total)
  • teamkits

    (@teamkits)

    It looks like the phone number used is 01193783697987, which is afganistan. I tried a few variations after searching on line and this did go through, but announcement said this phone was switched off or outside the coverage zone.

    Fucking scammers are everywhere. So many lately by phone, email, websites and so many through whatsapp!!

    What an evil world,

    Maisonwhite

    (@maisonwhite)

    Same here have received 2 orders (failed), have blocked the user in Wordfence! Although that doesn’t stop the same issue recurring if they register as another user. Our site is hosted on Siteground if that helps.

    Thread Starter mywebmaestro

    (@mywebmaestro)

    I’ve installed this plugin (which is free) https://www.ads-software.com/plugins/advanced-nocaptcha-recaptcha and allows reCAPTCHA to be used on WooCommerce checkout. Will keep fingers crossed it helps make a difference.

    thewigster1976

    (@thewigster1976)

    Yep same for me as well – 3 fake orders yesterday and 2 today.
    bbbbb bbbbb, 74 Eastbourne Rd, ROBOROUGH, EX14 5HN
    via PayPal

    Seems they create an account, place an order for the latest product that you have added and then tries to pay via PayPal (which doesn’t go through) and order stays in Pending status. IP’s always change from them.

    Thread Starter mywebmaestro

    (@mywebmaestro)

    Normally I’d look up the IP and send a complaint to the abuse email address but that has NEVER gotten any response so far.

    tysonfrantz

    (@tysonfrantz)

    Same here! 3 different attempts from the same user. 2 yesterday and 1 just now.

    joopleberry

    (@joopleberry)

    @paski1993 omg thanks for the heads up!! Yes the sites that were hacked did indeed have TI wishlist installed. thank you so much!!

    semaj28

    (@semaj28)

    I received two orders a day apart. Completely bullshit orders. Not sure how to tackle this but I will look into stripe resouces.

    Sadieb68

    (@lma2018)

    I’ve received another one this morning.
    I went back to siteground, who host my website. They have a site scanner in partnership with sucuri, it’s £18.72 for the year. I’m going to do that.
    My fake orders were also on product added last.
    I’m wondering whether to take the product off and reload it. Also wondering whether to disinstall woocommerce and reinstall.

    ianbarker24

    (@ianbarker24)

    I’ve received three attempted and failed orders yesterday with the same user credentials on a site I look after.

    Interested in any solutions.

    mschouten

    (@mschouten)

    Also received 2 fake orders with same address a day apart. I’m also installing the Advanced recaptcha, hope to see it helps.

    pgama35

    (@pgama35)

    Hi, i’ve also received the same attempt today.. Any solution ?
    Howeve, I’ve found this plugin “No CAPTCHA reCAPTCHA for WooCommerce”, i don’t know if it works…

    rochb

    (@rochb)

    Had 4 of these orders in the last 48hours.
    Luckily I have WordFence installed and the payments have all failed and cancelled. The ip addresses are never the same, Poland, Russia, Netherlands and United States. So blocking via ip isn’t going to help. I noticed in the user section I had a number of new users, with various abuzz accounts and also desry??
    I have downloaded the advanced recaptcha – will have to see if this helps to prevent these orders.

    dev

    (@devksec)

    So for anyone affected by this I would do the following:

    1. Ensure you have a WAF in place such as Wordfence or similar
    2. Remove the vulnerable pluging that the attacker is trying to exploit “TI WooCommerce Wishlist’ – This needs to be deleted not just disabled
    3. Delete the attackers user account
    4. Block the IP of the attacker in your WAF (Be aware they will try again from different IPs)
    5. Setup looking with WP-Logger so you have audit any of the sites activities
    6. Setup a captcha as a measure to stop automated orders

    You can also block a lot of malicious traffic by updating your .HTAccess files to stop bots/and scripting tools from making requests to the web server.

    joopleberry

    (@joopleberry)

    I’ve just signed up for AntiSpam by Cleantalk (paid service though)… seems to be working so far. No more spam users *crosses fingers*

Viewing 15 replies - 31 through 45 (of 159 total)
  • The topic ‘Failed Orders – Fake Information’ is closed to new replies.